>>>>> "Dirk" == Dirk Schenkewitz <schenkewitz@docomolab-euro.com> writes:
Dirk> Greg Thomas wrote:
>> On Wed, 16 Nov 2005 14:03:15 +0100, Ryan Schmidt
>> <subversion-2005@ryandesign.com> wrote:
>>
>>
>>> They use md5 hashing by default on Windows, Netware and TPF, and
>>> crypt encryption on all other operating systems, or you can also
>>> use sha hashing. None of these are reversible.
>>
>>
>> However, MD5 is now easily brute-forceable -
>> http://www.rainbowcrack-online.com/
No, MD5 is not brute forceable, easy or not so easy. If you read the
website you pointed to, you'll see it says no such thing. Which is
good because it would be fiction otherwise.
What IS true is that if your password is too short, it can be
recovered by brute force attack. And if you make a mistake in the
details of your hashing so the effective length is shorter than the
user password, then too you are vulnerable.
It *is* true that MD5 has shown some signs of weakening, but those are
still only to the level of being of (significant) theoretical
interest.
Dirk> Just hot an idea: How about making it configurable in the
Dirk> client and offer several obscuring methods: - none/plain
Dirk> (default - as it is now) - md5 - blowfish - crypt - ...
"crypt"? You mean DES? That would be rather a bad idea, since that
one IS clearly brute forceable (though still not easily).
From among the set you listed, MD5 is still the most highly tested.
If you want to do better, there's SHA-1, or (without as much track
record) SHA-256. Or AES.
But the real issue is in all the other aspects. Picking the right
crypto function isn't all that hard -- pick one of the two or three
widely studied good ones. (That means AES if you want a block cipher,
or 3DES if you want a very slow one; SHA-1 or SHA-256 if you want a
hash. That's the whole list...) The tricky part is to get all the
other details of a challenge-response handshake right. For example,
there's the classic CHAP, with its associated set of vulnerabilities.
And there are others, which have a different set. And if you design
your own, it will almost certainly be worse, unless you spend a LOT of
time on understanding all the intricacies of security protocol design,
and have the work peer-reviewed by professional cryptographers.
paul
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Nov 16 17:13:16 2005